Feature: Secrets Manager restore-secret

Christopher Kilding 2019-04-21 18:11:20 +01:00 committed by Chris Kilding
parent 734a39b3e4
commit 55fe629112
4 changed files with 62 additions and 1 deletions


@ -3661,7 +3661,7 @@
- [ ] list_secret_version_ids - [ ] list_secret_version_ids
- [x] list_secrets - [x] list_secrets
- [ ] put_secret_value - [ ] put_secret_value
- [ ] restore_secret - [X] restore_secret
- [X] rotate_secret - [X] rotate_secret
- [ ] tag_resource - [ ] tag_resource
- [ ] untag_resource - [ ] untag_resource


@ -271,6 +271,20 @@ class SecretsManagerBackend(BaseBackend):
return arn, name, self._unix_time_secs(deletion_date) return arn, name, self._unix_time_secs(deletion_date)
def restore_secret(self, secret_id):
if not self._is_valid_identifier(secret_id):
raise ResourceNotFoundException
self.secrets[secret_id].pop('deleted_date', None)
secret = self.secrets[secret_id]
arn = secret_arn(self.region, secret['secret_id'])
name = secret['name']
return arn, name
available_regions = ( available_regions = (
boto3.session.Session().get_available_regions("secretsmanager") boto3.session.Session().get_available_regions("secretsmanager")
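Review bot: restore_secret has no docstring, and the one behaviour a caller cannot guess is only visible from the tests: restoring a secret that is not scheduled for deletion succeeds silently, because of `pop('deleted_date', None)`. I would add a one-line docstring such as `"""Cancel a pending deletion by clearing deleted_date; a secret that is not pending deletion is returned unchanged."""`. The body also indexes `self.secrets[secret_id]` twice; binding it once reads better: `secret = self.secrets[secret_id]` followed by `secret.pop('deleted_date', None)`. This hunk does not show whether a secret removed with force_delete_without_recovery stays in `self.secrets`. If it does, this method would bring it back, which a mock of a secrets store should not do, so that is worth confirming in delete_secret, which lies outside the hunk.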


@ -86,3 +86,10 @@ class SecretsManagerResponse(BaseResponse):
force_delete_without_recovery=force_delete_without_recovery, force_delete_without_recovery=force_delete_without_recovery,
) )
return json.dumps(dict(ARN=arn, Name=name, DeletionDate=deletion_date)) return json.dumps(dict(ARN=arn, Name=name, DeletionDate=deletion_date))
def restore_secret(self):
secret_id = self._get_param("SecretId")
arn, name = secretsmanager_backends[self.region].restore_secret(
secret_id=secret_id,
)
return json.dumps(dict(ARN=arn, Name=name))


@ -347,6 +347,46 @@ def test_list_secrets():
}] }]
@mock_secretsmanager
def test_restore_secret():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
conn.delete_secret(SecretId='test-secret')
described_secret_before = conn.describe_secret(SecretId='test-secret')
assert described_secret_before['DeletedDate'] > datetime.fromtimestamp(1, pytz.utc)
restored_secret = conn.restore_secret(SecretId='test-secret')
assert restored_secret['ARN']
assert restored_secret['Name'] == 'test-secret'
described_secret_after = conn.describe_secret(SecretId='test-secret')
assert 'DeletedDate' not in described_secret_after
@mock_secretsmanager
def test_restore_secret_that_is_not_deleted():
conn = boto3.client('secretsmanager', region_name='us-west-2')
conn.create_secret(Name='test-secret',
SecretString='foosecret')
restored_secret = conn.restore_secret(SecretId='test-secret')
assert restored_secret['ARN']
assert restored_secret['Name'] == 'test-secret'
@mock_secretsmanager
def test_restore_secret_that_does_not_exist():
conn = boto3.client('secretsmanager', region_name='us-west-2')
with assert_raises(ClientError):
result = conn.restore_secret(SecretId='i-dont-exist')
@mock_secretsmanager @mock_secretsmanager
def test_rotate_secret(): def test_rotate_secret():
secret_name = 'test-secret' secret_name = 'test-secret'
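Review bot: test_restore_secret_that_does_not_exist only asserts that some ClientError is raised, so it would still pass if the call failed for an unrelated reason such as a parameter-validation error; the unused `result =` binding can go as well. Capture the exception and pin the code: `with assert_raises(ClientError) as cm:` followed by `assert cm.exception.response['Error']['Code'] == 'ResourceNotFoundException'`. The exact code string the mock emits is not visible on this page, so confirm it against the exception class first. A fourth case, restoring after `delete_secret(SecretId=..., ForceDeleteWithoutRecovery=True)`, would pin down that a force-deleted secret stays gone.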